Thursday, October 31, 2013

AIA FP comes with global web services security policy sets, installed as part of the Foundation Pack installation, as below.

Policy sets get attached to your composites based on name. For example, the "oracle/aia_wss10_saml_token_client_policy_OPT_ON" policy gets attached to all composites with ABCS in the name, as per the screenshots below.

A WS-Security header would be required if the service is called from outside (I believe internal calls are supplied with the WS-Security details as part of the client policies). If you have policy enabled, you can use blog to when you are calling the service from an external source. To disable the policy sets attached to your composites, you can go to each policy set individually and disable it, or run the following script:

It feels like a very basic, fundamental problem, which I would describe as follows. A configuration setting (be it a URL or anything else):

Must not be hard coded inside your code or binary

Must be replaceable from environment to environment, and changing those values must not cause a server restart

Java, or any programming language, solved this problem decades ago, but Oracle seems to keep providing one solution after another for the last 10 years in SOA 10g/11g, and makes it a far more complicated problem than it sounds.

Configuration Settings

DVM

Pros

Stored in MDS

Changes are independent of deployment

Nice UI for update

Cons

Hard to modularize per Composite

If managed via both the UI and SVN, it can quickly get out of sync across multiple environments.

Once it is done, you can use them in the binding section of the composite.xml file, as shown below. The token will get replaced at run time.

It looks great at first glance, but in my opinion it is one more failed attempt to solve one very fundamental problem. Here are the issues I see:

Requires a server restart for a change in the value of a token

Only works in composite.xml binding sections

Even in the binding section, it won't work for endpointURI, as below

Therefore, it won't work for preference replacement (e.g. below)

It won't work if you have a live WSDL stored in MDS. It is quite common to have both ui:wsdlLocation and the binding.ws location as MDS locations. However, if you use a token inside the MDS WSDL, this will not work.
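The limitations listed above can be checked before deployment. The following is an added example, not code from the original post: a small Python check that reports tokens placed anywhere other than an attribute of a binding element, which per the list above is the only place they are replaced. It assumes the `${name}` token syntax; the composite below is constructed and its names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: tokens are written as ${name}
TOKEN = re.compile(r"\$\{[^}]+\}")

# Constructed sample composite.xml (hypothetical names, not from the post)
SAMPLE = """<composite name="SampleABCS" xmlns="http://xmlns.oracle.com/sca/1.0"
           xmlns:ui="http://xmlns.oracle.com/soa/designer/">
  <reference name="BackendService" ui:wsdlLocation="oramds:/apps/Sample.wsdl">
    <binding.ws port="urn:sample#wsdl.endpoint(Svc/Port)"
                location="http://${backendHost}:${backendPort}/svc?WSDL">
      <property name="endpointURI">http://${backendHost}/svc</property>
    </binding.ws>
  </reference>
  <component name="Process">
    <property name="bpel.preference.timeout">${timeout}</property>
  </component>
</composite>"""


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def unsupported_tokens(xml_text):
    """Return (element, location, token) for every token that is not in an
    attribute of a binding.* element."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = local(el.tag)
        label = el.get("name", tag)
        if not tag.startswith("binding."):
            # Attributes outside a binding element are not token-replaced.
            for attr, value in el.attrib.items():
                for tok in TOKEN.findall(value):
                    findings.append((label, "@" + local(attr), tok))
        # Element text (property values such as endpointURI or preferences).
        for tok in TOKEN.findall(el.text or ""):
            findings.append((label, "text", tok))
    return findings


if __name__ == "__main__":
    for element, where, token in unsupported_tokens(SAMPLE):
        print(f"{element} ({where}): {token} will not be replaced")
```

The same function can be pointed at a WSDL file stored in MDS: it has no binding.* elements, so every token found in it is reported.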